ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 293 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 293
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A company recently deployed a new AWS account and wants to be notified immediately if a specific number of unauthorized AWS API requests are detected. A security engineer has turned on AWS CloudTrail for the account and is sending CloudTrail logs to Amazon CloudWatch.
Which other action must the security engineer perform to receive automated alerts about unauthorized AWS API calls?

  • A. Create a CloudWatch metric filter that looks for API call error codes. Configure an alarm that is based on that metric's rate to send an Amazon Simple Notification Service (Amazon SNS) notification when the threshold is exceeded.
  • B. Configure CloudTrail to stream event data to Amazon Kinesis Data Streams. Configure an AWS Lambda function on the stream to initiate an alarm when the threshold is exceeded.
  • C. Run an Amazon Athena SQL query against CloudTrail log files for unauthorized API requests. Use Amazon QuickSight to create an operational dashboard.
  • D. Use the AWS Personal Health Dashboard to monitor the account's use of AWS services and to provide an alert if service error rates increase.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by khamrumunnu at Jan. 1, 2022, 11:19 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
khamrumunnu
Highly Voted 3 years, 6 months ago
A is the answer A. Create a CloudWatch metric filter that looks for API call error codes. Configure an alarm that is based on that metricג€™s rate to send an Amazon Simple Notification Service (Amazon SNS) notification when the threshold is exceeded. And also question mentioned it needs automatic notifications. Which can be done by AWS SNS Athena queries S3 bucket. In question it is clearly mentioned that CloudTrail log destination is Cloudwatch Logs.
upvoted 11 times
...
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: A
Correct answer is A
upvoted 1 times
Raphaello
1 year, 4 months ago
Using CW Logs metric filter { ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }
upvoted 1 times
...
...
Toptip
2 years, 1 month ago
Selected Answer: A
A .. Easy one:)
upvoted 2 times
...
D2
2 years, 7 months ago
Selected Answer: A
Answer A
upvoted 1 times
...
Radhaghosh
3 years, 5 months ago
A is Correct Answer
upvoted 1 times
...
ggx
3 years, 5 months ago
Selected Answer: A
Keyword is automatic notifications. My answer is A
upvoted 3 times
...
sam_live
3 years, 5 months ago
Option C can't be correct because the CloudTrail logs are sent to CloudWatch not S3 bucket. Correct answer is A.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel